The Five Risk Lenses

Five lenses. Ten compounding overlaps. One central dependency risk.

These are the five lenses TechFreedom uses to assess a technology tool or platform. Each one asks a different question about risk. Scored together, they reveal something that no single question can: the overall shape of an organisation's dependency on tools it does not control.

  1. Jurisdiction

    Where does your data actually live, and under whose laws?

    Most organisations assume that data stored in a European data centre is governed by European law. This is not always the case. The nationality of the company that owns the platform, and the laws that govern its parent company, can determine who has the right to access your data. This lens asks: if a government agency came for your data, which government would it be?

  2. Continuity

    What happens when a platform changes the rules, the pricing, or simply disappears?

    Platforms make changes that are entirely within their rights and entirely outside your control. Pricing tiers collapse, features disappear behind paywalls, services are sunset. This lens asks: if this tool were unavailable tomorrow, what would break, and how quickly could you recover? It is a question about dependency depth, not just backup habits.

  3. Surveillance

    How much does your tech stack know about you, your staff, and the people you serve?

    Data collection is rarely disclosed clearly, and its implications are even less often considered. Social purpose organisations often hold information about vulnerable people whose privacy matters enormously. This lens asks: what is the surveillance footprint of each tool, and who benefits from the data that is collected? The answer is frequently not the organisation itself.

  4. Lock-in

    Could you leave if you wanted to? What would it cost?

    Switching costs are not just financial. They include the time to migrate data, the learning curve for staff, the loss of integrations, and the institutional knowledge embedded in how a tool has been configured. This lens asks: is your data portable, are there open standards, and what would a realistic exit actually look like? Some tools are genuinely easy to leave. Many are not.

  5. Cost Exposure

    How exposed are you to price changes and eliminated free tiers?

    Free tiers, nonprofit discounts, and introductory pricing are commercial decisions, not commitments. Vendors adjust them when the business case changes. This lens asks: what is the true long-term cost of this tool, and what would happen to your budget if the current pricing changed substantially? Many organisations discover this risk only when it is already a crisis.

Where lenses overlap, risks compound

The risk at the centre

When a tool scores high across several lenses at once, something important happens: the risks stop being separate problems and start behaving as a single compounding one. A tool that sits under foreign jurisdiction, that you cannot easily leave, and that collects significant data about your beneficiaries is not three problems. It is one problem with three reinforcing dimensions.

The thing that sits at the centre of all five lenses is dependency risk: the degree to which an organisation has ceded control over a critical function to an external party whose interests may diverge from its own. A tool scoring high across all five lenses represents a single point of failure. The organisation has effectively outsourced a core capability to an entity it does not control, cannot leave, cannot audit, and cannot budget for reliably.

The risks are not additive. They are multiplicative. This is why TechFreedom looks at the overall shape of a technology stack, not just individual scores.

The ten pairwise risks

Every combination of two lenses produces a distinct compounding risk with its own character. These are the ten pairings, each named for the situation it describes.

Regulatory exile (Jurisdiction × Continuity)
A platform under foreign law that then changes its terms or shuts down leaves you with no data and no recourse. You are subject to a legal regime that was never designed to protect you, and the service you depended on is gone.

Extraterritorial extraction (Jurisdiction × Surveillance)
Your data lives under a legal regime that permits surveillance you would never consent to domestically. Think of US CLOUD Act obligations meeting GDPR-governed beneficiary data. The platform collects it; a foreign government can access it.

Captive to a foreign regime (Jurisdiction × Lock-in)
You cannot leave, and the legal framework governing your data is not yours to influence. The worst of both worlds: the tool is sticky and the law is foreign. Any remedies available to you are, practically speaking, inaccessible.

Price hikes, no exit (Jurisdiction × Cost Exposure)
The vendor raises prices and your data is governed by laws that make migration harder, or where portable formats are not mandated. You pay more because leaving is genuinely difficult, and the legal framework gives you little leverage.

Dead platform, living data (Continuity × Surveillance)
The service disappears but your behavioural data persists in their systems or those of their acquirers. The platform is gone; the data it collected is not. What happens to it, and who now controls it, may be impossible to determine.

The sunk cost trap (Continuity × Lock-in)
The platform is clearly declining but you have built so deeply on it that leaving is as painful as staying. The integration work, the training, the workflows: all of it becomes an argument for remaining on a sinking ship.

The boiling frog (Continuity × Cost Exposure)
Gradual price increases on a platform you have come to depend on, with no guarantee of stability. Each individual increase seems manageable. The cumulative effect, over time, on an organisation without the reserves to absorb it, is not.

The panopticon you cannot leave (Surveillance × Lock-in)
The more you use it, the more it knows. The more it knows, the harder it is to go. Google Workspace for nonprofits is the clearest example: years of documents, email history, and integrations make the platform progressively harder to leave, while it accumulates an ever-deeper picture of the organisation.

Free means you are the product (Surveillance × Cost Exposure)
The zero-cost tier is subsidised by data extraction. When the free tier ends, you pay twice: once in money, once in the data that was already collected. The apparent saving was always a deferred cost, and the data collected does not come back.

The ratchet (Lock-in × Cost Exposure)
You cannot leave, so they can charge what they like. Salesforce for nonprofits after the free licences run out is the clearest example. The switching cost is so high that price increases become, in practice, unavoidable. The ratchet only turns one way.